Biblio

Detection of network attacks is the first step to network security. Many different methods for attack detection were proposed in the past. However, descriptions of these methods are often not complete and it is difficult to verify that the actual implementation matches the description. In this demo paper, we propose to use Complex Event Processing (CEP) for developing detection methods based on network flows. By writing the detection methods in an Event Processing Language (EPL), we can address the above-mentioned problems. The SQL-like syntax of most EPLs is easily readable so the detection method is self-documented. Moreover, it is directly executable in the CEP system, which eliminates inconsistencies between documentation and implementation. The demo will show a running example of a multi-stage HTTP brute force attack detection using Esper and its EPL.

Radio Frequency Identification (RFID) technology has been applied in many fields, such as tracking product through the supply chains, electronic passport (ePassport), proximity card, etc. Most companies will choose low-cost RFID tags. However, these RFID tags are almost no security mechanism so that criminals can easily clone these tags and get the user permissions. In this paper, we aim at more efficient detection proximity card be cloned and design a real-time intrusion detection system based on one tool of Complex Event Processing (Esper) in the RFID middleware. We will detect the cloned tags through training our system with the user's habits. When detected anomalous behavior which may clone tags have occurred, and then send the notification to user. We discuss the reliability of this intrusion detection system and describes in detail how to work.